On Sun, 2008-06-01 at 17:12 +0930, Tim wrote: > > Simply put, one could create a keylist, publish it someplace secure > > with limited access and limited time availability, communicate to > the > > designated individual where and when, and the designated individual > > could use something like VPN to pick up the encrypted key list. The > > key to break that key list could be given over the phone. The > result > > would certainly minimize exposure of the keys. > > I'm not sure that exposure of keys is a problem (so long as keys are > strong). I'd be unconcerned about exposure of uncrackable keys if > keys > and key IDs were used, with no way to harvest email addresses from > them. > i.e. If keys didn't contain addresses, just unique IDs. The whole crux of the problem isn't exposing the (public) keys, it's reliably associating a public key with an identity. poc -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
